Add tests

Author: joefarebrother

java/ql/src/Security/CWE/CWE-532/SensitiveInfoLog.ql

@@ -14,7 +14,7 @@ import java
 import semmle.code.java.security.SensitiveLoggingQuery
 import PathGraph
 
-from LoggerConfiguration cfg, DataFlow::PathNode source, DataFlow::PathNode sink
+from SensitiveLoggerConfiguration cfg, DataFlow::PathNode source, DataFlow::PathNode sink
 where cfg.hasFlowPath(source, sink)
 select sink.getNode(), source, sink, "This $@ is written to a log file.", source.getNode(),
-  "sensitive information"
+  "potentially sensitive information"

java/ql/test/query-tests/security/CWE-532/SensitiveLogInfo.expected

@@ -0,0 +1,11 @@
+import java
+import TestUtilities.InlineFlowTest
+import semmle.code.java.security.SensitiveLoggingQuery
+
+class HasFlowTest extends InlineFlowTest {
+  override DataFlow::Configuration getTaintFlowConfig() {
+    result instanceof SensitiveLoggerConfiguration
+  }
+
+  override DataFlow::Configuration getValueFlowConfig() { none() }
+}

java/ql/test/query-tests/security/CWE-532/SensitiveLogInfo.ql

@@ -0,0 +1,16 @@
+import org.apache.logging.log4j.Logger;
+
+class Test {
+    void test(String password) {
+        Logger logger = null;
+
+        logger.info("User's password is: " + password); // $ hasTaintFlow
+    }   
+
+    void test2(String authToken) {
+        Logger logger = null;
+
+        logger.error("Auth failed for: " + authToken); // $ hasTaintFlow 
+    }
+
+}

java/ql/test/query-tests/security/CWE-532/Test.java

@@ -0,0 +1 @@
+//semmle-extractor-options: --javac-args -cp ${testdir}/../../../stubs/apache-log4j-1.2.17:${testdir}/../../../stubs/apache-log4j-2.14.1:${testdir}/../../../stubs/apache-commons-logging-1.2:${testdir}/../../../stubs/jboss-logging-3.4.2:${testdir}/../../../stubs/slf4j-2.0.0:${testdir}/../../../stubs/scijava-common-2.87.1:${testdir}/../../../stubs/flogger-0.7.1:${testdir}/../../../stubs/google-android-9.0.0